How do I connect to the license server if the master domain manager is using a proxy server?

How to connect to the license server using a proxy server.

About this task

Managing your licenses requires an Internet connection, but your master domain manager is located on a network without Internet access. In this case, you can set up a proxy server and indicate the specifics of the proxy server when installing HCL Workload Automation. If you cannot set up a proxy server, see How do I install a master domain manager to reach the license server with no Internet connection?.

To configure HCL Workload Automation to communicate with the proxy server, perform the following steps:

Procedure

  1. Set up the proxy server according to the specifics of your environment.
  2. Log in to the workstation where you plan to install the master domain manager.
  3. Browse to the folder where the serverinst command is located in image_location/TWS/interp_name.
  4. Start the installation specifying proxy details in addition to the typical set of parameters. In this case, default values are used for all remaining parameters:
    On Windows operating systems
    cscript serverinst.vbs --acceptlicense yes --rdbmstype <db_type>
--dbhostname <db_hostname> --dbport <db_port> --dbname <db_name>
--dbuser <db_user> --dbpassword <db_password> --wauser <wa_user>
--wapassword <wa_password> --wlpdir <Liberty_installation_dir>\wlp
[--sslkeysfolder <certificate_files_path>] [--sslpassword <keystore_truststore_password>]
--licenseserverid <license_server_ID> --licenseproxyserver <license_proxy_server> 
--licenseproxyport <license_proxy_port> [--licenseproxyuser <license_proxy_user> 
--licenseproxypassword <license_proxy_password>]
    On UNIX operating systems
    ./serverinst.sh --acceptlicense yes --rdbmstype <db_type>
--dbhostname <db_hostname> --dbport <db_port> --dbname <db_name>
--dbuser <db_user> --dbpassword <db_password> --wauser <wa_user>
--wapassword <wa_password> --wlpdir <Liberty_installation_dir>/wlp
[--sslkeysfolder <certificate_files_path>] [--sslpassword <keystore_truststore_password>]
--licenseserverid <license_server_ID> --licenseproxyserver <license_proxy_server> 
--licenseproxyport <license_proxy_port> [--licenseproxyuser <license_proxy_user> 
--licenseproxypassword <license_proxy_password>]
    where
    --acceptlicense
    Specify yes to accept the product license.
    --rdbmstype|-r rdbms_type
    The database type. Supported databases are:
    • DB2
    • ORACLE
    • MSSQL This value applies to MSSQL,Azure SQL and Google Cloud SQL for SQL server.
    • IDS This value is supported only on UNIX operating systems. and applies to Informix.
    • ONEDB This value is supported only on UNIX operating systems.
    This parameter is optional. The default value is DB2.
    --dbhostname db_hostname
    The host name or IP address of database server.
    --dbport db_port
    The port of the database server.
    --dbname db_name
    The name of the HCL Workload Automation database.
    --dbuser db_user
    The database user that has been granted access to the HCL Workload Automation tables on the database server.
    --dbpassword db_password
    The password for the user that has been granted access to the HCL Workload Automation tables on the database server. Special characters are not supported.
    --wauser user_name
    The user for which you are installing HCL Workload Automation.
    --wapassword wauser_password
    The password of the user for which you are installing HCL Workload Automation.
    On Windows operating systems
    Supported characters for the password are alphanumeric, dash (-), underscore (_) characters, and ()|?*~+.
    On UNIX operating systems
    Supported characters for the password are alphanumeric, dash (-), underscore (_) characters, and ()|?=*~+.
    --wlpdir
    The path where Open Liberty is installed.
    --licenseserverid
    The ID of the license server which processes license usage information. This parameter is required. For more information about enabling your product license, see Enabling product license management. For more information about creating and setting up the license server, see What is the HCL License & Delivery Portal (FlexNet Portal)?
    --licenseproxyserver
    The IP address of the proxy used to connect to the license server.
    --licenseproxyport
    The port on which to contact the proxy used to connect to the license server.
    --licenseproxyuser
    The username for authenticating to the proxy used to connect to the license server.
    --licenseproxypassword
    The password for authenticating to the proxy used to connect to the license server.
    --sslkeysfolder keystore_truststore_folder
    The name and path of the folder containing certificates in PEM format. The installation program automatically processes the keystore and truststore files using the password you specify with the --sslpassword parameter. The folder must contain the following files:
    • ca.crt
      The Certificate Authority (CA) public certificate. Note that if certificates being installed are part of a chain consisting of 3 or more certificates (one Root CA, followed by one or more Intermediate CAs, followed by the end user certificate), then this file must contain the Root CA certificate only. Any Intermediate CA certificates must be stored in the additionalCAs subfolder, which therefore becomes a mandatory subfolder. Each Intermediate CA must be stored in the additionalCAs subfolder in its own file.
    • tls.key
      The private key of the end user certificate for the instance to be installed.
    • tls.crt
      The public part of the previous key, that is the end user certificate.

    For Unix systems, ensure that all the files have the ownership of the user who installed the master domain manager and the correct permissions (644).

    You can optionally create a subfolder to contain one or more *.crt files to be added to the server truststore as trusted CA, whose name must be additionalCAs. This can be used for example to add to the list of trusted CAs the certificate of the LDAP server or DB2 server. Additionally, you can store here any intermediate CA certificate to be added to the truststore. The subfolder must be named additionalCAs. Note that if the end user certificate being installed in the instance is part of a chain consisting of 3 or more certificates (one Root CA, followed by one or more Intermediate CAs, followed by the end user certificate), then the Intermediate CAs certificates must be stored in the additionalCAs subfolder, which therefore becomes a mandatory subfolder. Each Intermediate CA must be stored in the additionalCAs subfolder in its own file.

    --sslpassword
    You can use this parameter to define the password for either default or custom certificates, as follows:
    • If you want HCL Workload Automation to generate default certificates, provide the password to be used for the default certificates. HCL Workload Automation generates the certificates and stores them on the master domain manager in the installation_directory/defaultCerts and TWA_DATA_DIR/ssl/depot directories. You can then use the TWA_DATA_DIR/ssl/depot to retrieve the default certificates for the other product components.
    • If you want HCL Workload Automation to process custom certificates, provide the password for the custom certificates and the path to the folder containing certificates in .PEM format with the sslkeysfolder parameter. To process custom certificates, the sslkeysfolder parameter is required.
    Note: The values for the following parameters must match the values you provided when creating and populating the database:
    • --rdbmstype
    • --dbhostname
    • --dbport
    • --dbname
    • --dbuser
    • --dbpassword
    See Creating and populating the database, then follow the link to the database vendor you are using for more information about command parameters.
    You have now successfully installed the master domain manager and set it up to communicate with the proxy server.